GDPR (General Data Protection Regulation) Policy
Last Updated: October 2025 (Date to be determined)
Introduction
This **GDPR Privacy Policy** applies specifically to the processing of personal data for users who are residents of the European Economic Area (EEA) (hereinafter, "Data Subjects"). It is established in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller Information
The School acts as the Data Controller regarding your personal data.
**[Please insert the name of the business and contact details (address, email address) here.]**
2. Legal Basis for Data Processing
The primary legal bases under which the School processes the personal data of Data Subjects are as follows:
- Contractual Necessity: When processing is necessary for the performance of a contract (e.g., providing lessons) or to take pre-contractual steps at your request.
- Consent: Where explicit consent has been obtained for a specific purpose (e.g., direct marketing communications).
- Legitimate Interests: When processing is necessary for the School's legitimate interests (e.g., service improvement, security, fraud prevention), provided these interests do not override the rights of the Data Subject.
- Legal Obligation: When processing is necessary for compliance with a legal obligation to which the School is subject.
3. Data Collection and Usage
The personal data collected and the purposes of use are the same as those outlined in Section 2 of our standard Privacy Policy. All data belonging to EEA residents is placed under the protection of the GDPR.
4. Cross-Border Data Transfer
The School is based in Japan, and your personal data will be transferred to and processed in Japan, which is outside the EEA.
Japan has been recognized by the European Commission as providing an adequate level of data protection under the GDPR. Your personal data is protected with an equivalent level of security.
5. Data Subject Rights
Data Subjects who are EEA residents have the following rights under the GDPR:
- Right of Access: The right to obtain confirmation about the processing of their personal data.
- Right to Rectification: The right to have inaccurate personal data corrected.
- Right to Erasure (Right to be Forgotten): The right to have their personal data erased under specific conditions.
- Right to Restriction of Processing: The right to restrict the processing of personal data under specific conditions.
- Right to Data Portability: The right to receive provided personal data in a structured, commonly used, and machine-readable format.
- Right to Object: The right to object to specific types of processing (e.g., processing for direct marketing purposes).
- Right to Withdraw Consent: The right to withdraw consent at any time where consent is the legal basis for processing.
To exercise these rights, please contact the Data Controller using the contact information provided in Section 1.
6. Right to Lodge a Complaint
The Data Subject has the right to lodge a complaint with a supervisory authority in their place of residence or work if they believe that their rights under the GDPR concerning their personal data have been infringed upon.